Stolen NSA Hacking Tools For Sale In Bizarre Auction

The hackers who are auctioning off Cyber-weapons allegedly stolen from the National Security Agency are growing annoyed and want cash.

In what Edward Snowden deems “not unprecedented,” hackers calling themselves the Shadow Brokers have collected NSA-created malware from a staging server run by the Equation Group, an internal hacking team. The Shadow Brokers have now published two chunks of data, one “open” chunk and another encrypted file containing the “best files” that they will sell for at least $1 million. Wikileaks has said they already own the “auction” files and will publish them in “due course.”

The ShadowBrokers' sale of the stolen tools has so far generated little interest, the hackers complained in a message posted online, using broken English.

"TheShadowBrokers is not being interested in fame. TheShadowBrokers is selling to be making money," the hackers said. At the outset, their auction only had one substantial bid at 1.5 bitcoins, or $918. Many of the other bids were valued at less than $1. 

The hackers originally dumped a sample of the stolen hacking tools back in mid-August, and independent security experts later found the tools to actually work. The tools include exploits designed to compromise firewall and router products from Cisco, Juniper Networks and Fortinet, and are probably worth a fortune.

The hackers claim they have more Cyber-weapons to sell. However, they've taken the unusual step of offering them up through an open online auction relying on bitcoin.

Although anyone can participate, the hackers haven't said when they'll accept the final bid. The hackers also hoped to receive 1 million bitcoins, or $611 million, in exchange for leaking all they stole for free to the public. The unusual conditions have led some security researchers to suspect the auction is a publicity stunt. But the ShadowBrokers claim in their latest posting that the auction is real, despite "sounding crazy."

"Expert peoples is saying Equation Group Firewall Tool Kit worth $1 million," the group said. "TheShadowBrokers is wanting that $1 million."

They made the auction public to draw in the most bidders and never expected a bid of 1 million bitcoins, they added.  "Anticipate end (to the auction) when reasonable sum raised and bidding stops," the hackers added.

Although the ShadowBrokers are offering no guarantees, they did claim they have many more hacking tools that can target other platforms such as Windows, Linux and mobile devices. The tools up for auction will target one of these platforms and include ways to hack a system remotely and remain a persistent threat, they said. "Value estimated in millions of euros/dollars," the group added. 

It's unclear if the tools are really from the NSA. But the hackers claim to have stolen them from the Equation Group, an elite Cyber-espionage team suspected to work for the US government.

The hackers are hoping that victims and adversaries of the Equation Group will eventually bid on the auction. But the ShadowBrokers appear to be growing impatient. Their posting was also riddled with expletives.  

"TheShadowBrokers is wanting quick end too so be making [expletive] bids," the hackers said. 


TechCrunch:     Computerworld


 

« Overwhelming Cyber Attacks On Healthcare
Dealing With Insider Data Theft »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Snow Software

Snow Software

Snow Software is changing the way organizations think about their technology investments, empowering IT and business leaders to drive transformation with precision and agility.

BPC Banking Technologies

BPC Banking Technologies

BPC’s advanced fraud prevention solution helps card issuers and acquirers combat the growing threat by monitoring 100% of transactions, online, in real-time across all channels.

CyberTech Network

CyberTech Network

CyberTECH is a global cybersecurity, Internet of Things (IoT) and Smart City network ecosystem and incubator operator.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

Titans24

Titans24

Titans24 is a Software-as-a-Service security platform for web applications. It prevents attacks on business websites that are protected under 11 cyber-security layers.

Elpha Secure

Elpha Secure

Elpha Secure provides a comprehensive cybersecurity solution, combining technology and insurance to protect against cyber threats.

Gen Digital

Gen Digital

At Gen™, our mission is to create technology solutions for people to take full advantage of the digital world, safely, privately, and confidently – so together, we can build a better tomorrow.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

Bit Sentinel

Bit Sentinel

Bit Sentinel is an information security company. We help companies like yours discover, prioritize, and effectively remediate potential cybersecurity risks.

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

Saidot

Saidot

Saidot is a Finnish AI governance and alignment company committed to helping businesses safely and transparently integrate AI into their operations.

CyberNut

CyberNut

CyberNut are a security awareness training solution built exclusively for schools.

Cybermate

Cybermate

Cybermate is the first affordable, gamified ‘Psybersecurity’ awareness training platform that reduces behavioural risk and achieves compliance with Australian cybersecurity standards.

Claratti

Claratti

Clarrati are a team of innovators. Industry leaders in the cloud computing, remote working, and work-from-home space. We partner with you to empower your business for the future.

Point3 Security

Point3 Security

Point3 Security is a premier information security organization that provides the industry with the talent screening and analytical tools to enhance its workforce.